What Changes Q1 Brought to Cybersecurity

So far, 2018 has brought a number of new trends to the cybersecurity space, some of which were predicted correctly and some were not. Mari Galloway, director of finance and communications at the Women's Society of Cyberjutsu looked at what Q1 brought us.

The first quarter of 2018, what an interesting time to be in cybersecurity! While there haven’t been any major issues (equivalent to the size of Equifax or Yahoo), there are a number of things going on in the cyber space that are worth noting.

Let’s talk about Alexa laughing at users because she thought she heard the command ‘Alexa, laugh’. The fix to this required Amazon to update configurations on the server in the cloud. The fact that Alexa is being integrated into numerous devices but isn’t actively tested by third parties leaves us in an interesting place, relying on the organization that creates and maintains the device to ensure that our data is secure.

Amazon, Apple, Google and others have the ability to make their devices do whatever they want, potentially putting less effort into security and more effort into producing a product. This area of AI and IoT is something watch over the next few quarters of 2018.

Although ransomware isn’t dead in 2018, opportunistic ransomware is on the decline. The goal of ransomware is to make money fast.

As organizations implement better protections for their data, attackers are looking for other ways to make money. The exploit kits of the past are now delivering cryptocurrency miners in place of ransomware.

It’s like systems being adding to botnets in the past: it’s easier to hijack a victims CPU without them knowing from a phishing email or from a browser exploit. Plus, cryptocurrency miners are more profitable then ransomware as companies don’t know how to protect against this threat.

Small-scale ransomware attacks are on the rise reaching a smaller number of targets partially due to lesser-known ransomware families popping up for a few weeks and then disappearing.

Something that was predicted that we are already seeing happen is the use of biometrics to purchase items from your phone. While using face recognition on your phone has been around for a few years, this quarter we saw Apple actively advertising this feature.

My first thought was how could I, the hacker, exploit the vulnerabilities that exist in this technology? While we haven’t seen any exploitation yet, don’t be surprised if we start seeing an uptick in attempts to exploit this feature.

Breaches are continuing to happen daily which will only continue as our technology increases. As a society we are building technology quicker than we can secure it and understand how it works. The race to be the best in everything is the main driver behind the many advances we see and will see in the coming year.